RU2351978C2 - Method for provision of data records set integrity - Google Patents

Abstract

FIELD: information technologies. ^ SUBSTANCE: system for storage of data records includes data base configured with the possibility to store and represent signed data, data source configured with the possibility to present data records for storage in data base, signing component configured with the possibility to sign data records, which should be saved in data base, control sum of integrity checkup, which is calculated on the basis of signed data record, control sum of data record integrity checkup, which precedes the signed data record, and verifying component configured with the possibility to verify integrity of selected data records by means of calculation of control sum for integrity checkup on the basis of verified data record, control sum of data record integrity checkup, which precedes verified data record, and storage key, and comparison of calculated control sum of integrity checkup to control sum of integrity checkup, which is stored in data base. ^ EFFECT: increased protection of recorded data. ^ 18 cl, 3 dwg

Description

FIELD OF TECHNOLOGY

The invention relates to a method, system and computer program for ensuring the integrity of a set of data records stored in a database or similar information storage medium.

BACKGROUND

Many computerized applications produce huge amounts of data that must be stored. Typically, computerized application events are logged in a log file. Log files are one of the most important sources of information for system operators, software developers, security personnel, and various other groups.

Traditionally, protocol file data is sequentially written to a protocol file. The main elements of most protocol files are protocol records, which are often represented as strings in a protocol file. It is very important that the structure and contents of the log file remain authentic. In particular, for safety reasons, it is especially important that the lines cannot be changed or deleted in any way without notifying the administrator of the changes made.

Widely known methods for ensuring the integrity of the log file. For example, message authentication codes (MACs) or digital signatures can be used to associate a cryptographic code with each protocol file. Later unauthorized modifications may be detected, because if the contents of the file change, then the digital signature or authentication code changes. However, these variations of the methods do not protect data integrity until a digital signature or other type of authentication code is assigned to the protected file.

However, in many applications, the amount of data stored is huge. Thus, there is a need for storing protocol data or similar data in a relational database. In this case, the integrity protection task changes somewhat. In relational databases, data is stored in tables consisting of tuples of attributes, the so-called records. Typically, protocol records are stored in the database so that each line of the protocol corresponds to a record of a particular database table.

Integrity protection in relational databases has traditionally been based on restricting access rights for database users so that unauthorized users cannot modify the contents of the database. Access control is performed by the relational database management system (RDBMS). Another way to ensure the integrity of the database is to save it as a file on disk and attach cryptographic code to it, as described above.

This approach is often inconvenient, since many database tables are dynamic in nature and need to be updated very often. In the protocol database, for example, protocol records produced during the day should be inserted all the time in the corresponding database table, while the amount of data stored can be huge, as in the case of bank transactions. Freezing the contents of database tables and protecting its integrity with a cryptographic checksum is only useful when you can be sure that the contents of the table will no longer be updated. In relation to the protocol database, this means that daily database tables should be used to accumulate information. The disadvantage of this solution is that queries that require access to data for several days must search in several tables to execute the query.

US Pat. No. 5,978,475 describes a method for verifying the integrity of a protocol file. However, the aforementioned patent does not disclose any means for storing data in a database in which the administrator has every opportunity to change the data in the data records.

A major drawback of traditional solutions is that they cannot be applied in situations where a database system is used, and the database administrator cannot be completely trusted. In most database management systems, the database administrator has close to unlimited rights to modify the database and its contents. Any data that is inserted into the database can be maliciously changed by the administrator, even before the data is cryptographically protected from unauthorized modifications.

The main disadvantage of the known solutions is the problem of managing access rights to the database. A further disadvantage is that the data cannot be stored in digitally signed files, as they are constantly changing. The third major drawback is that you must rely on the database administrator. Currently, an administrator is usually a technical worker who, in fact, does not even need to know the information stored in the database. Thus, there is a need for a method that allows many people to monitor the integrity of the contents of a database and verify this integrity, having access rights to data stored in the database.

SUMMARY OF THE INVENTION

The invention discloses a method for ensuring data integrity in database systems. The invention discloses a solution for creating publicly viewable databases with publicly accessible checksums that can be used to verify integrity. According to the present invention, the integrity check checksum is calculated in a cryptographic manner from the stored data, the checksum of the previous record and the storage key. The storage key is known only to persons who have the right to sign data in the database. The person who has the right to sign may and must differ from the administrator of the database. One solution is to use public key cryptography, in which the signatory calculates the integrity checksum using his private key, and the person who wants to verify the integrity can use his public key for verification. The calculated checksum is appended to the data record. The first record can be a generated initial record, or it can use the previously agreed previous checksum, which is necessary to calculate its own checksum. During verification, the integrity check checksum is calculated similarly and compared with a pre-calculated checksum attached to a specific data record.

An advantage of the invention is to obtain an authentic integrity check database. Using the method according to the invention, the database can be signed so that the contents of the database can only be changed by authorized persons who have the right to sign. According to the invention, data records stored in a database cannot be deleted or modified in any way without breaking the chain of calculated integrity checksums.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are attached to provide a better understanding of the invention, and form part of this description, illustrate embodiments of the invention and together with the description help to explain the principles of the invention. In the drawings:

figure 1 is a block diagram illustrating the basic principle of verification of integrity according to the invention,

2 is a flowchart illustrating an embodiment of storing a data record according to the invention,

figure 3 is a block diagram illustrating an embodiment of a system according to the scheme shown in figure 2.

DETAILED DESCRIPTION OF THE INVENTION

Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings.

Figure 1 is a block diagram of a basic principle of integrity verification. According to figure 1, the input data can be taken in any suitable form. However, the invention is most useful in cases where there are a large number of data records coming in at a fast pace. Such records may be, for example, data records of bank transaction protocol files, which are usually stored in large databases. These log files must be authentic, and they must include every event so that they can be admitted to a civil court if necessary.

According to figure 1, the data enters the signing component 10. The signing component 10 has its own administrator having the authority to sign data records. Signing can take the form of digital signature, encryption or one-way hashing. In this description, signing refers to calculating a checksum and attaching the calculated checksum to a data record. Hereinafter, the signing key is referred to as a storage key, which may be any type of signing key. On the other hand, it may be useful to use the traditional public key encryption method, which allows you to include the name of the signatory in each signed record. The key can be entered into the system in the same way as it is done in secure mail systems, in which the key includes the secret key file and the secret part of the password, which is entered from the keyboard into the encryption device. The key can also be entered via a smart card or the like, or by any other suitable device.

The method according to the invention consists in signing each data record with an integrity check checksum, which is calculated from the data record to be signed, the integrity checksum of the previous record and the storage key. The calculated integrity check checksum is then attached to the data record. It can be attached directly to the data, or the database 11 may contain a separate field for the checksum of the integrity check. Since the calculated integrity check checksum depends on the previous integrity check checksum, it is impossible to remove one or more lines from the middle of the records without violating the integrity, since a complete integrity checksum chain is required for verification. Signed data with integrity checksums will be stored in database 11. The database administrator can perform various tasks regarding stored data, but he cannot secretly modify the contents of the data or delete data records.

Verification of the integrity of the sequence of data records is performed in the same way as signing. The verification component 12 calculates an integrity check checksum based on a signed data record, a previous integrity check checksum, and a storage key. The calculated integrity check checksum is then compared with the checksum stored in the database 11. If the checksums are not equal, then the database has been modified and is not authentic. The method has the advantage that the integrity of the data record can be quickly verified without having to verify the integrity of the entire database. Verification can be started at any point in the stream of consecutive data records. It should be noted that the authenticity of the record from which the previous integrity check checksum was extracted cannot be guaranteed. Thus, the verification process should begin by extracting the checksum of the integrity of the data record preceding the verified data record.

If public key cryptography is used for signing, then an authorized person with the right to sign signs the entries in the signing component 10 using his private key. A key can be created to sign a specific database and can be shared with a trusted group that has the right to sign. When checking integrity, the public key of the person with the right to sign is used to decrypt the checksum.

There are various ways to initially create a database. Since there is no previous integrity check checksum available, an initialization vector can be used instead of the previous integrity checksum for the first row of the database. The first line may include actual data or data related to initialization. For example, an initialization vector may include information regarding initialization, such as a date, and a digital signature of the person in charge as a checksum. Thus, there is a previous checksum for the first real data record. A vector or initialization string can also be used in the middle of the database, which allows you to distribute data into blocks. The distribution of data in blocks does not change the verification procedure.

FIG. 2 illustrates a flowchart for one embodiment of storing a data record. At step 20, data is received from any suitable information system. The data are similar to those accepted in the embodiment shown in FIG. After receiving the data in step 21, the integrity check checksum is calculated. The integrity check checksum can be calculated by any well-known method, as discussed in the description of the embodiment of the invention shown in FIG. The calculation of the integrity check checksum is based on the previous checksum, i.e. the checksum applied to the previous data record on the data to be signed and on the storage key. Only persons authorized to sign data records know the storage key. The previous checksum is read from the memory of the signing device. If the integrity check checksum is always read from the database, the database administrator can maliciously delete the last row of the database without any problems, because the integrity check checksum chain will not be broken. There are also other means of ensuring the authenticity of the last line, for example, using the current sequence number as part of the checksum parameters.

The data record is signed by attaching the calculated integrity check checksum to the data record, as shown in step 22. The signed data will be stored in the database. The database may contain separate fields for data and integrity checksum. The database may also contain additional information fields that can also be used to calculate the integrity checksum, for example, the name of the signatory. After storing the data in the database, the integrity checksum is stored in the memory of the signing device, as shown in step 24. This ensures that the previous integrity checksum used later does not change after it has been calculated.

Figure 3 illustrates a block diagram of one embodiment of the invention. In Fig. 3, all components are shown as separate blocks, but it will be apparent to those skilled in the art that the components can also be implemented in software form. The system operates according to the method presented in figure 2. Therefore, its operation is not described in detail.

The system according to the invention includes a data source 30, a signing component 31, a database 32, a database administration console 33 and a verification component 34. The data source 30 can be any information system that produces data that needs to be stored in the database 32. The signing component 31 is implemented, for example, through a computer program running on a computer that is connected to the database system 32, or through a software module in the database system 32. The database 32 and the database administration console 33 can be any general-purpose database system, for example, an Oracle database management system. Verification component 34 is similar to signing component 31. If a public key encryption infrastructure is used, then signing component 31 has a secret key, and verification component 34 has a corresponding public key.

For a specialist it is obvious that with the development of technology the main idea of the invention can be implemented in various ways. Thus, the invention and its implementation are not limited to the examples described above, but may vary within the framework of the claims.

Claims (18)

1. A method of storing data records in a database system in which a signing component is used to sign data records, wherein said method includes:
receiving data records for storage in the database;
retrieving from the memory of the signing component the first checksum of the integrity check stored with the data record preceding the stored data record;
computing a second integrity check checksum for the stored data record in a cryptographic manner based on the storage key, the first integrity check checksum and the stored data record extracted;
storing the data record and the second integrity check checksum in the database; and
storing the second integrity check checksum in the memory of the signing component. 2. The method of claim 1, wherein the storage key is a secret key of the public key encryption infrastructure. 3. The method according to claim 1, in which the generated initialization vector is used as the extracted first integrity check checksum for the first database row. 4. The method according to claim 1, in which the extracted integrity check checksum for the first row of the database is a digital signature of the signing component. 5. The method according to claim 1, in which the first checksum of the integrity check is extracted from the memory of the signing component. 6. The method according to claim 1, in which the second integrity checksum is stored in the memory of the signing component. 7. The method of claim 1, wherein the integrity check checksum comprises a current serial number. 8. A method for verifying the integrity of data records in a database, in which a verification component is used to verify the integrity of data records, the method comprising:
extracting a verified record of data from the database;
extracting the checksum of the integrity check of the verified data record from the database, while the checksum of the integrity check of the verified data record is extracted from the memory of the verifying component if the verified record is the last record in the database;
extracting a first integrity check checksum for the data record preceding the extracted data record;
calculating a second integrity check checksum for the extracted data record based on the extracted data record, the first integrity check checksum and the storage key; and
comparing the second integrity check checksum with the integrity checksum of the verified data record, wherein the verified data record is considered authentic if the integrity checksum of the verified data record and the second integrity checksum are equal. 9. The method of claim 8, wherein the storage key is a public key of a public key encryption infrastructure. 10. The method of claim 8, in which the generated initialization vector is used as the extracted first integrity check checksum for the first database row. 11. The method according to claim 8, in which the extracted integrity checksum for the first row of the database is a digital signature of an authorized person authorized to sign. 12. The method of claim 8, in which the first integrity checksum is retrieved from the memory of the verification component. 13. The method of claim 8, in which the second integrity checksum is stored in the memory of the verification component. 14. The method of claim 8, wherein the integrity check checksum comprises a current sequence number. 15. A system for storing data records in a database system in which a signing component is used to sign data records, and a verification component is used to verify the integrity of data records, wherein said system for storing data records includes:
a database configured to store and provide signed data;
a data source configured to provide data records for storage in a database;
a signing component configured to sign data records to be stored in the database, an integrity check checksum calculated on the basis of the data record being signed, a data record integrity checksum preceding the data record being signed, and a storage key, while the signing component configured to store the integrity checksum in the memory of the signing component; and
a verification component configured to verify the integrity of the selected data records by calculating the integrity check checksum based on the verified data record, the data record integrity checksum, the previous data record being verified, and the storage key, and comparing the calculated integrity check checksum with the verification checksum the integrity stored in the database, while the checksum of the integrity check of the verified record data x is extracted from the memory component of the verification, if verifiable record is the last record in the database. 16. The system of claim 15, wherein the signing component and the verification component use the public key encryption infrastructure to calculate and verify the checksum. 17. A device containing a computer program for storing data records in a database system in which a signing component is used to sign data records, while the computer program performs the following actions when it is executed in a computer device:
receiving a data record to be stored in the database,
retrieving the first integrity check checksum stored with the data record preceding the data record to be stored;
calculating a second integrity check checksum for the added data record in a cryptographic manner based on the storage key, the first integrity check checksum and the data record to be stored; and
storing the data record and the second integrity check checksum in the database. 18. A device containing a computer program for verifying the integrity of data records in a database, while the computer program performs the following actions when executed in a computer device:
retrieving the data record to be verified from the database;
retrieving an integrity check checksum from the database for the verified data record;
extracting a first integrity check checksum for the data record preceding the extracted data record;
calculating a second integrity check checksum for the extracted data record based on the extracted data record, the first integrity check checksum and storage key, and
comparing the second integrity check checksum with the integrity checksum of the verified data record, the data record being considered authentic if the integrity checksum of the verified data record and the second integrity checksum are equal.

Images